windows
0.60.0
Module Etw
Module Items
Structs
Constants
Traits
Functions
Type Aliases
Unions
In windows::
Win32::
System::
Diagnostics
windows
::
Win32
::
System
::
Diagnostics
Module
Etw
Copy item path
Structs
§
CLASSIC_
EVENT_
ID
CONTROLTRACE_
HANDLE
DECODING_
SOURCE
ENABLECALLBACK_
ENABLED_
STATE
ENABLE_
TRACE_
PARAMETERS
ENABLE_
TRACE_
PARAMETERS_
V1
ETW_
BUFFER_
CALLBACK_
INFORMATION
ETW_
BUFFER_
CONTEXT
ETW_
BUFFER_
CONTEXT_
0_
0
ETW_
BUFFER_
HEADER
ETW_
COMPRESSION_
RESUMPTION_
MODE
ETW_
OPEN_
TRACE_
OPTIONS
ETW_
PMC_
COUNTER_
OWNER
ETW_
PMC_
COUNTER_
OWNERSHIP_
STATUS
ETW_
PMC_
COUNTER_
OWNER_
TYPE
ETW_
PMC_
SESSION_
INFO
ETW_
PROCESS_
HANDLE_
INFO_
TYPE
ETW_
PROCESS_
TRACE_
MODES
ETW_
PROVIDER_
TRAIT_
TYPE
ETW_
TRACE_
PARTITION_
INFORMATION
ETW_
TRACE_
PARTITION_
INFORMATION_
V2
EVENTSECURITYOPERATION
EVENT_
DATA_
DESCRIPTOR
EVENT_
DATA_
DESCRIPTOR_
0_
0
EVENT_
DESCRIPTOR
EVENT_
EXTENDED_
ITEM_
EVENT_
KEY
EVENT_
EXTENDED_
ITEM_
INSTANCE
EVENT_
EXTENDED_
ITEM_
PEBS_
INDEX
EVENT_
EXTENDED_
ITEM_
PMC_
COUNTERS
EVENT_
EXTENDED_
ITEM_
PROCESS_
START_
KEY
EVENT_
EXTENDED_
ITEM_
RELATED_
ACTIVITYID
EVENT_
EXTENDED_
ITEM_
STACK_
KEY32
EVENT_
EXTENDED_
ITEM_
STACK_
KEY64
EVENT_
EXTENDED_
ITEM_
STACK_
TRAC
E32
EVENT_
EXTENDED_
ITEM_
STACK_
TRAC
E64
EVENT_
EXTENDED_
ITEM_
TS_
ID
EVENT_
FIELD_
TYPE
EVENT_
FILTER_
DESCRIPTOR
EVENT_
FILTER_
EVENT_
ID
EVENT_
FILTER_
EVENT_
NAME
EVENT_
FILTER_
HEADER
EVENT_
FILTER_
LEVEL_
KW
EVENT_
HEADER
EVENT_
HEADER_
0_
0
EVENT_
HEADER_
EXTENDED_
DATA_
ITEM
EVENT_
HEADER_
EXTENDED_
DATA_
ITEM_
0
EVENT_
INFO_
CLASS
EVENT_
INSTANCE_
HEADER
EVENT_
INSTANCE_
HEADER_
0_
0
EVENT_
INSTANCE_
HEADER_
1_
0
EVENT_
INSTANCE_
HEADER_
2_
0
EVENT_
INSTANCE_
HEADER_
2_
1
EVENT_
INSTANCE_
INFO
EVENT_
MAP_
ENTRY
EVENT_
MAP_
INFO
EVENT_
PROPERTY_
INFO
EVENT_
PROPERTY_
INFO_
0_
0
EVENT_
PROPERTY_
INFO_
0_
1
EVENT_
PROPERTY_
INFO_
0_
2
EVENT_
PROPERTY_
INFO_
3_
0
EVENT_
RECORD
EVENT_
TRACE
EVENT_
TRACE_
CONTROL
EVENT_
TRACE_
FLAG
EVENT_
TRACE_
HEADER
EVENT_
TRACE_
HEADER_
0_
0
EVENT_
TRACE_
HEADER_
1_
0
EVENT_
TRACE_
HEADER_
3_
0
EVENT_
TRACE_
HEADER_
3_
1
EVENT_
TRACE_
LOGFILEA
EVENT_
TRACE_
LOGFILEW
EVENT_
TRACE_
PROPERTIES
EVENT_
TRACE_
PROPERTIES_
V2
EVENT_
TRACE_
PROPERTIES_
V2_
1_
0
EVENT_
TRACE_
PROPERTIES_
V2_
2_
0
ITrace
Event
ITrace
Event
Callback
ITrace
Event
Callback_
Vtbl
ITrace
Event_
Vtbl
ITrace
Relogger
ITrace
Relogger_
Vtbl
MAP_
FLAGS
MAP_
VALUETYPE
MOF_
FIELD
OFFSETINSTANCEDATAANDLENGTH
PAYLOAD_
FILTER_
PREDICATE
PAYLOAD_
OPERATOR
PROCESSTRACE_
HANDLE
PROFILE_
SOURCE_
INFO
PROPERTY_
DATA_
DESCRIPTOR
PROPERTY_
FLAGS
PROVIDER_
ENUMERATION_
INFO
PROVIDER_
EVENT_
INFO
PROVIDER_
FIELD_
INFO
PROVIDER_
FIELD_
INFOARRAY
PROVIDER_
FILTER_
INFO
REGHANDLE
RELOGSTREAM_
HANDLE
TDH_
CONTEXT
TDH_
CONTEXT_
TYPE
TDH_
HANDLE
TEMPLATE_
FLAGS
TRACE_
ENABLE_
INFO
TRACE_
EVENT_
INFO
TRACE_
EVENT_
INFO_
2_
0
TRACE_
GUID_
INFO
TRACE_
GUID_
PROPERTIES
TRACE_
GUID_
REGISTRATION
TRACE_
LOGFILE_
HEADER
TRACE_
LOGFILE_
HEADE
R32
TRACE_
LOGFILE_
HEADE
R64
TRACE_
LOGFILE_
HEADE
R32_
0_
0
TRACE_
LOGFILE_
HEADE
R32_
1_
0
TRACE_
LOGFILE_
HEADE
R64_
0_
0
TRACE_
LOGFILE_
HEADE
R64_
1_
0
TRACE_
LOGFILE_
HEADER_
0_
0
TRACE_
LOGFILE_
HEADER_
1_
0
TRACE_
MESSAGE_
FLAGS
TRACE_
PERIODIC_
CAPTURE_
STATE_
INFO
TRACE_
PROFILE_
INTERVAL
TRACE_
PROVIDER_
INFO
TRACE_
PROVIDER_
INSTANCE_
INFO
TRACE_
QUERY_
INFO_
CLASS
TRACE_
STACK_
CACHING_
INFO
TRACE_
VERSION_
INFO
WMIDPREQUESTCODE
WMIREGGUIDW
WMIREGINFOW
WNODE_
ALL_
DATA
WNODE_
EVENT_
ITEM
WNODE_
EVENT_
REFERENCE
WNODE_
HEADER
WNODE_
HEADER_
0_
0
WNODE_
METHOD_
ITEM
WNODE_
SINGLE_
INSTANCE
WNODE_
SINGLE_
ITEM
WNODE_
TOO_
SMALL
_TDH_
IN_
TYPE
_TDH_
OUT_
TYPE
Constants
§
ALPC
Guid
CLSID_
Trace
Relogger
CTrace
Relogger
DIAG_
LOGGER_
NAMEA
DIAG_
LOGGER_
NAMEW
Decoding
Source
Max
Decoding
Source
Tlg
Decoding
SourceWPP
Decoding
Source
Wbem
Decoding
SourceXML
File
Default
Trace
Security
Guid
Disk
IoGuid
ENABLE_
TRACE_
PARAMETERS_
VERSION
ENABLE_
TRACE_
PARAMETERS_
VERSION_
2
ETW_
ASCIICHAR_
TYPE_
VALUE
ETW_
ASCIISTRING_
TYPE_
VALUE
ETW_
BOOLEAN_
TYPE_
VALUE
ETW_
BOOL_
TYPE_
VALUE
ETW_
BYTE_
TYPE_
VALUE
ETW_
CHAR_
TYPE_
VALUE
ETW_
COUNTED_
ANSISTRING_
TYPE_
VALUE
ETW_
COUNTED_
STRING_
TYPE_
VALUE
ETW_
DATETIME_
TYPE_
VALUE
ETW_
DECIMAL_
TYPE_
VALUE
ETW_
DOUBLE_
TYPE_
VALUE
ETW_
GUID_
TYPE_
VALUE
ETW_
HIDDEN_
TYPE_
VALUE
ETW_
INT16_
TYPE_
VALUE
ETW_
INT32_
TYPE_
VALUE
ETW_
INT64_
TYPE_
VALUE
ETW_
NON_
NULL_
TERMINATED_
STRING_
TYPE_
VALUE
ETW_
NULL_
TYPE_
VALUE
ETW_
OBJECT_
TYPE_
VALUE
ETW_
POINTER_
TYPE_
VALUE
ETW_
PROCESS_
TRACE_
MODE_
NONE
ETW_
PROCESS_
TRACE_
MODE_
RAW_
TIMESTAMP
ETW_
PTVECTOR_
TYPE_
VALUE
ETW_
REDUCED_
ANSISTRING_
TYPE_
VALUE
ETW_
REDUCED_
STRING_
TYPE_
VALUE
ETW_
REFRENCE_
TYPE_
VALUE
ETW_
REVERSED_
COUNTED_
ANSISTRING_
TYPE_
VALUE
ETW_
REVERSED_
COUNTED_
STRING_
TYPE_
VALUE
ETW_
SBYTE_
TYPE_
VALUE
ETW_
SID_
TYPE_
VALUE
ETW_
SINGLE_
TYPE_
VALUE
ETW_
SIZET_
TYPE_
VALUE
ETW_
STRING_
TYPE_
VALUE
ETW_
UINT16_
TYPE_
VALUE
ETW_
UINT32_
TYPE_
VALUE
ETW_
UINT64_
TYPE_
VALUE
ETW_
VARIANT_
TYPE_
VALUE
ETW_
WMITIME_
TYPE_
VALUE
EVENTMAP_
ENTRY_
VALUETYPE_
STRING
EVENTMAP_
ENTRY_
VALUETYPE_
ULONG
EVENTMAP_
INFO_
FLAG_
MANIFEST_
BITMAP
EVENTMAP_
INFO_
FLAG_
MANIFEST_
PATTERNMAP
EVENTMAP_
INFO_
FLAG_
MANIFEST_
VALUEMAP
EVENTMAP_
INFO_
FLAG_
WBEM_
BITMAP
EVENTMAP_
INFO_
FLAG_
WBEM_
FLAG
EVENTMAP_
INFO_
FLAG_
WBEM_
NO_
MAP
EVENTMAP_
INFO_
FLAG_
WBEM_
VALUEMAP
EVENT_
ACTIVITY_
CTRL_
CREATE_
ID
EVENT_
ACTIVITY_
CTRL_
CREATE_
SET_
ID
EVENT_
ACTIVITY_
CTRL_
GET_
ID
EVENT_
ACTIVITY_
CTRL_
GET_
SET_
ID
EVENT_
ACTIVITY_
CTRL_
SET_
ID
EVENT_
CONTROL_
CODE_
CAPTURE_
STATE
EVENT_
CONTROL_
CODE_
DISABLE_
PROVIDER
EVENT_
CONTROL_
CODE_
ENABLE_
PROVIDER
EVENT_
DATA_
DESCRIPTOR_
TYPE_
EVENT_
METADATA
EVENT_
DATA_
DESCRIPTOR_
TYPE_
NONE
EVENT_
DATA_
DESCRIPTOR_
TYPE_
PROVIDER_
METADATA
EVENT_
DATA_
DESCRIPTOR_
TYPE_
TIMESTAMP_
OVERRIDE
EVENT_
ENABLE_
PROPERTY_
ENABLE_
KEYWORD_
0
EVENT_
ENABLE_
PROPERTY_
ENABLE_
SILOS
EVENT_
ENABLE_
PROPERTY_
EVENT_
KEY
EVENT_
ENABLE_
PROPERTY_
EXCLUDE_
INPRIVATE
EVENT_
ENABLE_
PROPERTY_
IGNORE_
KEYWORD_
0
EVENT_
ENABLE_
PROPERTY_
PROCESS_
START_
KEY
EVENT_
ENABLE_
PROPERTY_
PROVIDER_
GROUP
EVENT_
ENABLE_
PROPERTY_
PSM_
KEY
EVENT_
ENABLE_
PROPERTY_
SID
EVENT_
ENABLE_
PROPERTY_
SOURCE_
CONTAINER_
TRACKING
EVENT_
ENABLE_
PROPERTY_
STACK_
TRACE
EVENT_
ENABLE_
PROPERTY_
TS_
ID
EVENT_
FILTER_
TYPE_
CONTAINER
EVENT_
FILTER_
TYPE_
EVENT_
ID
EVENT_
FILTER_
TYPE_
EVENT_
NAME
EVENT_
FILTER_
TYPE_
EXECUTABLE_
NAME
EVENT_
FILTER_
TYPE_
NONE
EVENT_
FILTER_
TYPE_
PACKAGE_
APP_
ID
EVENT_
FILTER_
TYPE_
PACKAGE_
ID
EVENT_
FILTER_
TYPE_
PAYLOAD
EVENT_
FILTER_
TYPE_
PID
EVENT_
FILTER_
TYPE_
SCHEMATIZED
EVENT_
FILTER_
TYPE_
STACKWALK
EVENT_
FILTER_
TYPE_
STACKWALK_
LEVEL_
KW
EVENT_
FILTER_
TYPE_
STACKWALK_
NAME
EVENT_
FILTER_
TYPE_
SYSTEM_
FLAGS
EVENT_
FILTER_
TYPE_
TRACEHANDLE
EVENT_
HEADER_
EXT_
TYPE_
CONTAINER_
ID
EVENT_
HEADER_
EXT_
TYPE_
CONTROL_
GUID
EVENT_
HEADER_
EXT_
TYPE_
EVENT_
KEY
EVENT_
HEADER_
EXT_
TYPE_
EVENT_
SCHEMA_
TL
EVENT_
HEADER_
EXT_
TYPE_
INSTANCE_
INFO
EVENT_
HEADER_
EXT_
TYPE_
MAX
EVENT_
HEADER_
EXT_
TYPE_
PEBS_
INDEX
EVENT_
HEADER_
EXT_
TYPE_
PMC_
COUNTERS
EVENT_
HEADER_
EXT_
TYPE_
PROCESS_
START_
KEY
EVENT_
HEADER_
EXT_
TYPE_
PROV_
TRAITS
EVENT_
HEADER_
EXT_
TYPE_
PSM_
KEY
EVENT_
HEADER_
EXT_
TYPE_
QPC_
DELTA
EVENT_
HEADER_
EXT_
TYPE_
RELATED_
ACTIVITYID
EVENT_
HEADER_
EXT_
TYPE_
SID
EVENT_
HEADER_
EXT_
TYPE_
STACK_
KEY32
EVENT_
HEADER_
EXT_
TYPE_
STACK_
KEY64
EVENT_
HEADER_
EXT_
TYPE_
STACK_
TRAC
E32
EVENT_
HEADER_
EXT_
TYPE_
STACK_
TRAC
E64
EVENT_
HEADER_
EXT_
TYPE_
TS_
ID
EVENT_
HEADER_
FLAG_
32_
BIT_
HEADER
EVENT_
HEADER_
FLAG_
64_
BIT_
HEADER
EVENT_
HEADER_
FLAG_
CLASSIC_
HEADER
EVENT_
HEADER_
FLAG_
DECODE_
GUID
EVENT_
HEADER_
FLAG_
EXTENDED_
INFO
EVENT_
HEADER_
FLAG_
NO_
CPUTIME
EVENT_
HEADER_
FLAG_
PRIVATE_
SESSION
EVENT_
HEADER_
FLAG_
PROCESSOR_
INDEX
EVENT_
HEADER_
FLAG_
STRING_
ONLY
EVENT_
HEADER_
FLAG_
TRACE_
MESSAGE
EVENT_
HEADER_
PROPERTY_
FORWARDED_
XML
EVENT_
HEADER_
PROPERTY_
LEGACY_
EVENTLOG
EVENT_
HEADER_
PROPERTY_
RELOGGABLE
EVENT_
HEADER_
PROPERTY_
XML
EVENT_
LOGGER_
NAME
EVENT_
LOGGER_
NAMEA
EVENT_
LOGGER_
NAMEW
EVENT_
MAX_
LEVEL
EVENT_
MIN_
LEVEL
EVENT_
TRACE_
ADDTO_
TRIAGE_
DUMP
EVENT_
TRACE_
ADD_
HEADER_
MODE
EVENT_
TRACE_
BUFFERING_
MODE
EVENT_
TRACE_
COMPRESSED_
MODE
EVENT_
TRACE_
CONTROL_
CONVERT_
TO_
REALTIME
EVENT_
TRACE_
CONTROL_
FLUSH
EVENT_
TRACE_
CONTROL_
INCREMENT_
FILE
EVENT_
TRACE_
CONTROL_
QUERY
EVENT_
TRACE_
CONTROL_
STOP
EVENT_
TRACE_
CONTROL_
UPDATE
EVENT_
TRACE_
DELAY_
OPEN_
FILE_
MODE
EVENT_
TRACE_
FILE_
MODE_
APPEND
EVENT_
TRACE_
FILE_
MODE_
CIRCULAR
EVENT_
TRACE_
FILE_
MODE_
NEWFILE
EVENT_
TRACE_
FILE_
MODE_
NONE
EVENT_
TRACE_
FILE_
MODE_
PREALLOCATE
EVENT_
TRACE_
FILE_
MODE_
SEQUENTIAL
EVENT_
TRACE_
FLAG_
ALPC
EVENT_
TRACE_
FLAG_
CSWITCH
EVENT_
TRACE_
FLAG_
DBGPRINT
EVENT_
TRACE_
FLAG_
DEBUG_
EVENTS
EVENT_
TRACE_
FLAG_
DISK_
FILE_
IO
EVENT_
TRACE_
FLAG_
DISK_
IO
EVENT_
TRACE_
FLAG_
DISK_
IO_
INIT
EVENT_
TRACE_
FLAG_
DISPATCHER
EVENT_
TRACE_
FLAG_
DPC
EVENT_
TRACE_
FLAG_
DRIVER
EVENT_
TRACE_
FLAG_
ENABLE_
RESERVE
EVENT_
TRACE_
FLAG_
EXTENSION
EVENT_
TRACE_
FLAG_
FILE_
IO
EVENT_
TRACE_
FLAG_
FILE_
IO_
INIT
EVENT_
TRACE_
FLAG_
FORWARD_
WMI
EVENT_
TRACE_
FLAG_
IMAGE_
LOAD
EVENT_
TRACE_
FLAG_
INTERRUPT
EVENT_
TRACE_
FLAG_
JOB
EVENT_
TRACE_
FLAG_
MEMORY_
HARD_
FAULTS
EVENT_
TRACE_
FLAG_
MEMORY_
PAGE_
FAULTS
EVENT_
TRACE_
FLAG_
NETWORK_
TCPIP
EVENT_
TRACE_
FLAG_
NO_
SYSCONFIG
EVENT_
TRACE_
FLAG_
PROCESS
EVENT_
TRACE_
FLAG_
PROCESS_
COUNTERS
EVENT_
TRACE_
FLAG_
PROFILE
EVENT_
TRACE_
FLAG_
REGISTRY
EVENT_
TRACE_
FLAG_
SPLIT_
IO
EVENT_
TRACE_
FLAG_
SYSTEMCALL
EVENT_
TRACE_
FLAG_
THREAD
EVENT_
TRACE_
FLAG_
VAMAP
EVENT_
TRACE_
FLAG_
VIRTUAL_
ALLOC
EVENT_
TRACE_
INDEPENDENT_
SESSION_
MODE
EVENT_
TRACE_
MODE_
RESERVED
EVENT_
TRACE_
NONSTOPPABLE_
MODE
EVENT_
TRACE_
NO_
PER_
PROCESSOR_
BUFFERING
EVENT_
TRACE_
PERSIST_
ON_
HYBRID_
SHUTDOWN
EVENT_
TRACE_
PRIVATE_
IN_
PROC
EVENT_
TRACE_
PRIVATE_
LOGGER_
MODE
EVENT_
TRACE_
REAL_
TIME_
MODE
EVENT_
TRACE_
RELOG_
MODE
EVENT_
TRACE_
SECURE_
MODE
EVENT_
TRACE_
STOP_
ON_
HYBRID_
SHUTDOWN
EVENT_
TRACE_
SYSTEM_
LOGGER_
MODE
EVENT_
TRACE_
TYPE_
ACCEPT
EVENT_
TRACE_
TYPE_
ACKDUP
EVENT_
TRACE_
TYPE_
ACKFULL
EVENT_
TRACE_
TYPE_
ACKPART
EVENT_
TRACE_
TYPE_
CHECKPOINT
EVENT_
TRACE_
TYPE_
CONFIG
EVENT_
TRACE_
TYPE_
CONFIG_
BOOT
EVENT_
TRACE_
TYPE_
CONFIG_
CI_
INFO
EVENT_
TRACE_
TYPE_
CONFIG_
CPU
EVENT_
TRACE_
TYPE_
CONFIG_
DEFRAG
EVENT_
TRACE_
TYPE_
CONFIG_
DEVICEFAMILY
EVENT_
TRACE_
TYPE_
CONFIG_
DPI
EVENT_
TRACE_
TYPE_
CONFIG_
FLIGHTID
EVENT_
TRACE_
TYPE_
CONFIG_
IDECHANNEL
EVENT_
TRACE_
TYPE_
CONFIG_
IRQ
EVENT_
TRACE_
TYPE_
CONFIG_
LOGICALDISK
EVENT_
TRACE_
TYPE_
CONFIG_
MACHINEID
EVENT_
TRACE_
TYPE_
CONFIG_
MOBILEPLATFORM
EVENT_
TRACE_
TYPE_
CONFIG_
NETINFO
EVENT_
TRACE_
TYPE_
CONFIG_
NIC
EVENT_
TRACE_
TYPE_
CONFIG_
NUMANODE
EVENT_
TRACE_
TYPE_
CONFIG_
OPTICALMEDIA
EVENT_
TRACE_
TYPE_
CONFIG_
PHYSICALDISK
EVENT_
TRACE_
TYPE_
CONFIG_
PHYSICALDISK_
EX
EVENT_
TRACE_
TYPE_
CONFIG_
PLATFORM
EVENT_
TRACE_
TYPE_
CONFIG_
PNP
EVENT_
TRACE_
TYPE_
CONFIG_
POWER
EVENT_
TRACE_
TYPE_
CONFIG_
PROCESSOR
EVENT_
TRACE_
TYPE_
CONFIG_
PROCESSORGROUP
EVENT_
TRACE_
TYPE_
CONFIG_
PROCESSORNUMBER
EVENT_
TRACE_
TYPE_
CONFIG_
SERVICES
EVENT_
TRACE_
TYPE_
CONFIG_
VIDEO
EVENT_
TRACE_
TYPE_
CONFIG_
VIRTUALIZATION
EVENT_
TRACE_
TYPE_
CONNECT
EVENT_
TRACE_
TYPE_
CONNFAIL
EVENT_
TRACE_
TYPE_
COPY_
ARP
EVENT_
TRACE_
TYPE_
COPY_
TCP
EVENT_
TRACE_
TYPE_
DBGID_
RSDS
EVENT_
TRACE_
TYPE_
DC_
END
EVENT_
TRACE_
TYPE_
DC_
START
EVENT_
TRACE_
TYPE_
DEQUEUE
EVENT_
TRACE_
TYPE_
DISCONNECT
EVENT_
TRACE_
TYPE_
END
EVENT_
TRACE_
TYPE_
EXTENSION
EVENT_
TRACE_
TYPE_
FLT_
POSTOP_
COMPLETION
EVENT_
TRACE_
TYPE_
FLT_
POSTOP_
FAILURE
EVENT_
TRACE_
TYPE_
FLT_
POSTOP_
INIT
EVENT_
TRACE_
TYPE_
FLT_
PREOP_
COMPLETION
EVENT_
TRACE_
TYPE_
FLT_
PREOP_
FAILURE
EVENT_
TRACE_
TYPE_
FLT_
PREOP_
INIT
EVENT_
TRACE_
TYPE_
GUIDMAP
EVENT_
TRACE_
TYPE_
INFO
EVENT_
TRACE_
TYPE_
IO_
FLUSH
EVENT_
TRACE_
TYPE_
IO_
FLUSH_
INIT
EVENT_
TRACE_
TYPE_
IO_
READ
EVENT_
TRACE_
TYPE_
IO_
READ_
INIT
EVENT_
TRACE_
TYPE_
IO_
REDIRECTED_
INIT
EVENT_
TRACE_
TYPE_
IO_
WRITE
EVENT_
TRACE_
TYPE_
IO_
WRITE_
INIT
EVENT_
TRACE_
TYPE_
LOAD
EVENT_
TRACE_
TYPE_
MM_
AV
EVENT_
TRACE_
TYPE_
MM_
COW
EVENT_
TRACE_
TYPE_
MM_
DZF
EVENT_
TRACE_
TYPE_
MM_
GPF
EVENT_
TRACE_
TYPE_
MM_
HPF
EVENT_
TRACE_
TYPE_
MM_
TF
EVENT_
TRACE_
TYPE_
OPTICAL_
IO_
FLUSH
EVENT_
TRACE_
TYPE_
OPTICAL_
IO_
FLUSH_
INIT
EVENT_
TRACE_
TYPE_
OPTICAL_
IO_
READ
EVENT_
TRACE_
TYPE_
OPTICAL_
IO_
READ_
INIT
EVENT_
TRACE_
TYPE_
OPTICAL_
IO_
WRITE
EVENT_
TRACE_
TYPE_
OPTICAL_
IO_
WRITE_
INIT
EVENT_
TRACE_
TYPE_
RECEIVE
EVENT_
TRACE_
TYPE_
RECONNECT
EVENT_
TRACE_
TYPE_
REGCLOSE
EVENT_
TRACE_
TYPE_
REGCOMMIT
EVENT_
TRACE_
TYPE_
REGCREATE
EVENT_
TRACE_
TYPE_
REGDELETE
EVENT_
TRACE_
TYPE_
REGDELETEVALUE
EVENT_
TRACE_
TYPE_
REGENUMERATEKEY
EVENT_
TRACE_
TYPE_
REGENUMERATEVALUEKEY
EVENT_
TRACE_
TYPE_
REGFLUSH
EVENT_
TRACE_
TYPE_
REGKCBCREATE
EVENT_
TRACE_
TYPE_
REGKCBDELETE
EVENT_
TRACE_
TYPE_
REGKCBRUNDOWNBEGIN
EVENT_
TRACE_
TYPE_
REGKCBRUNDOWNEND
EVENT_
TRACE_
TYPE_
REGMOUNTHIVE
EVENT_
TRACE_
TYPE_
REGOPEN
EVENT_
TRACE_
TYPE_
REGPREPARE
EVENT_
TRACE_
TYPE_
REGQUERY
EVENT_
TRACE_
TYPE_
REGQUERYMULTIPLEVALUE
EVENT_
TRACE_
TYPE_
REGQUERYSECURITY
EVENT_
TRACE_
TYPE_
REGQUERYVALUE
EVENT_
TRACE_
TYPE_
REGROLLBACK
EVENT_
TRACE_
TYPE_
REGSETINFORMATION
EVENT_
TRACE_
TYPE_
REGSETSECURITY
EVENT_
TRACE_
TYPE_
REGSETVALUE
EVENT_
TRACE_
TYPE_
REGVIRTUALIZE
EVENT_
TRACE_
TYPE_
REPLY
EVENT_
TRACE_
TYPE_
RESUME
EVENT_
TRACE_
TYPE_
RETRANSMIT
EVENT_
TRACE_
TYPE_
SECURITY
EVENT_
TRACE_
TYPE_
SEND
EVENT_
TRACE_
TYPE_
SIDINFO
EVENT_
TRACE_
TYPE_
START
EVENT_
TRACE_
TYPE_
STOP
EVENT_
TRACE_
TYPE_
SUSPEND
EVENT_
TRACE_
TYPE_
TERMINATE
EVENT_
TRACE_
TYPE_
WINEVT_
RECEIVE
EVENT_
TRACE_
TYPE_
WINEVT_
SEND
EVENT_
TRACE_
USE_
GLOBAL_
SEQUENCE
EVENT_
TRACE_
USE_
KBYTES_
FOR_
SIZE
EVENT_
TRACE_
USE_
LOCAL_
SEQUENCE
EVENT_
TRACE_
USE_
NOCPUTIME
EVENT_
TRACE_
USE_
PAGED_
MEMORY
EVENT_
TRACE_
USE_
PROCTIME
EVENT_
WRITE_
FLAG_
INPRIVATE
EVENT_
WRITE_
FLAG_
NO_
FAULTING
EtwCompression
Mode
NoDisable
EtwCompression
Mode
NoRestart
EtwCompression
Mode
Restart
EtwPmc
Owner
Free
EtwPmc
Owner
Tagged
EtwPmc
Owner
Tagged
With
Source
EtwPmc
Owner
Untagged
EtwProvider
Trait
Decode
Guid
EtwProvider
Trait
Type
Group
EtwProvider
Trait
Type
Max
EtwQuery
Last
Dropped
Times
EtwQuery
LogFile
Header
EtwQuery
Partition
Information
EtwQuery
Partition
Information
V2
EtwQuery
Process
Handle
Info
Max
Event
Channel
Information
Event
Information
Max
Event
Keyword
Information
Event
Level
Information
Event
Opcode
Information
Event
Provider
Binary
Track
Info
Event
Provider
SetReserved1
Event
Provider
SetTraits
Event
Provider
UseDescriptor
Type
Event
Security
AddDACL
Event
Security
AddSACL
Event
Security
Max
Event
Security
SetDACL
Event
Security
SetSACL
Event
Task
Information
Event
Trace
Config
Guid
Event
Trace
Guid
File
IoGuid
GLOBAL_
LOGGER_
NAME
GLOBAL_
LOGGER_
NAMEA
GLOBAL_
LOGGER_
NAMEW
Image
Load
Guid
KERNEL_
LOGGER_
NAME
KERNEL_
LOGGER_
NAMEA
KERNEL_
LOGGER_
NAMEW
MAX_
EVENT_
DATA_
DESCRIPTORS
MAX_
EVENT_
FILTERS_
COUNT
MAX_
EVENT_
FILTER_
DATA_
SIZE
MAX_
EVENT_
FILTER_
EVENT_
ID_
COUNT
MAX_
EVENT_
FILTER_
EVENT_
NAME_
SIZE
MAX_
EVENT_
FILTER_
PAYLOAD_
SIZE
MAX_
EVENT_
FILTER_
PID_
COUNT
MAX_
MOF_
FIELDS
MAX_
PAYLOAD_
PREDICATES
MaxEvent
Info
MaxTrace
SetInfo
Class
PAYLOADFIELD_
BETWEEN
PAYLOADFIELD_
CONTAINS
PAYLOADFIELD_
DOESNTCONTAIN
PAYLOADFIELD_
EQ
PAYLOADFIELD_
GE
PAYLOADFIELD_
GT
PAYLOADFIELD_
INVALID
PAYLOADFIELD_
IS
PAYLOADFIELD_
ISNOT
PAYLOADFIELD_
LE
PAYLOADFIELD_
LT
PAYLOADFIELD_
MODULO
PAYLOADFIELD_
NE
PAYLOADFIELD_
NOTBETWEEN
PROCESS_
TRACE_
MODE_
EVENT_
RECORD
PROCESS_
TRACE_
MODE_
RAW_
TIMESTAMP
PROCESS_
TRACE_
MODE_
REAL_
TIME
Page
Fault
Guid
Perf
Info
Guid
Private
Logger
Notification
Guid
Process
Guid
Property
HasCustom
Schema
Property
HasTags
Property
Param
Count
Property
Param
Fixed
Count
Property
Param
Fixed
Length
Property
Param
Length
Property
Struct
PropertyWBEM
XmlFragment
Registry
Guid
SYSTEM_
ALPC_
KW_
GENERAL
SYSTEM_
CONFIG_
KW_
GRAPHICS
SYSTEM_
CONFIG_
KW_
NETWORK
SYSTEM_
CONFIG_
KW_
OPTICAL
SYSTEM_
CONFIG_
KW_
PNP
SYSTEM_
CONFIG_
KW_
SERVICES
SYSTEM_
CONFIG_
KW_
STORAGE
SYSTEM_
CONFIG_
KW_
SYSTEM
SYSTEM_
CPU_
KW_
CACHE_
FLUSH
SYSTEM_
CPU_
KW_
CONFIG
SYSTEM_
CPU_
KW_
SPEC_
CONTROL
SYSTEM_
EVENT_
TYPE
SYSTEM_
HYPERVISOR_
KW_
CALLOUTS
SYSTEM_
HYPERVISOR_
KW_
PROFILE
SYSTEM_
HYPERVISOR_
KW_
VTL_
CHANGE
SYSTEM_
INTERRUPT_
KW_
CLOCK_
INTERRUPT
SYSTEM_
INTERRUPT_
KW_
DPC
SYSTEM_
INTERRUPT_
KW_
DPC_
QUEUE
SYSTEM_
INTERRUPT_
KW_
GENERAL
SYSTEM_
INTERRUPT_
KW_
IPI
SYSTEM_
INTERRUPT_
KW_
WDF_
DPC
SYSTEM_
INTERRUPT_
KW_
WDF_
INTERRUPT
SYSTEM_
IOFILTER_
KW_
FAILURE
SYSTEM_
IOFILTER_
KW_
FASTIO
SYSTEM_
IOFILTER_
KW_
GENERAL
SYSTEM_
IOFILTER_
KW_
INIT
SYSTEM_
IO_
KW_
CC
SYSTEM_
IO_
KW_
DISK
SYSTEM_
IO_
KW_
DISK_
INIT
SYSTEM_
IO_
KW_
DRIVERS
SYSTEM_
IO_
KW_
FILE
SYSTEM_
IO_
KW_
FILENAME
SYSTEM_
IO_
KW_
NETWORK
SYSTEM_
IO_
KW_
OPTICAL
SYSTEM_
IO_
KW_
OPTICAL_
INIT
SYSTEM_
IO_
KW_
SPLIT
SYSTEM_
LOCK_
KW_
SPINLOCK
SYSTEM_
LOCK_
KW_
SPINLOCK_
COUNTERS
SYSTEM_
LOCK_
KW_
SYNC_
OBJECTS
SYSTEM_
MEMORY_
KW_
ALL_
FAULTS
SYSTEM_
MEMORY_
KW_
CONTMEM_
GEN
SYSTEM_
MEMORY_
KW_
FOOTPRINT
SYSTEM_
MEMORY_
KW_
GENERAL
SYSTEM_
MEMORY_
KW_
HARD_
FAULTS
SYSTEM_
MEMORY_
KW_
HEAP
SYSTEM_
MEMORY_
KW_
MEMINFO
SYSTEM_
MEMORY_
KW_
MEMINFO_
WS
SYSTEM_
MEMORY_
KW_
NONTRADEABLE
SYSTEM_
MEMORY_
KW_
PFSECTION
SYSTEM_
MEMORY_
KW_
POOL
SYSTEM_
MEMORY_
KW_
REFSET
SYSTEM_
MEMORY_
KW_
SESSION
SYSTEM_
MEMORY_
KW_
VAMAP
SYSTEM_
MEMORY_
KW_
VIRTUAL_
ALLOC
SYSTEM_
MEMORY_
KW_
WS
SYSTEM_
MEMORY_
POOL_
FILTER_
ID
SYSTEM_
OBJECT_
KW_
GENERAL
SYSTEM_
OBJECT_
KW_
HANDLE
SYSTEM_
POWER_
KW_
GENERAL
SYSTEM_
POWER_
KW_
HIBER_
RUNDOWN
SYSTEM_
POWER_
KW_
IDLE_
SELECTION
SYSTEM_
POWER_
KW_
PPM_
EXIT_
LATENCY
SYSTEM_
POWER_
KW_
PROCESSOR_
IDLE
SYSTEM_
PROCESS_
KW_
DBGPRINT
SYSTEM_
PROCESS_
KW_
DEBUG_
EVENTS
SYSTEM_
PROCESS_
KW_
FREEZE
SYSTEM_
PROCESS_
KW_
GENERAL
SYSTEM_
PROCESS_
KW_
INSWAP
SYSTEM_
PROCESS_
KW_
JOB
SYSTEM_
PROCESS_
KW_
LOADER
SYSTEM_
PROCESS_
KW_
PERF_
COUNTER
SYSTEM_
PROCESS_
KW_
THREAD
SYSTEM_
PROCESS_
KW_
WAKE_
COUNTER
SYSTEM_
PROCESS_
KW_
WAKE_
DROP
SYSTEM_
PROCESS_
KW_
WAKE_
EVENT
SYSTEM_
PROCESS_
KW_
WORKER_
THREAD
SYSTEM_
PROFILE_
KW_
GENERAL
SYSTEM_
PROFILE_
KW_
PMC_
PROFILE
SYSTEM_
REGISTRY_
KW_
GENERAL
SYSTEM_
REGISTRY_
KW_
HIVE
SYSTEM_
REGISTRY_
KW_
NOTIFICATION
SYSTEM_
SCHEDULER_
KW_
AFFINITY
SYSTEM_
SCHEDULER_
KW_
ANTI_
STARVATION
SYSTEM_
SCHEDULER_
KW_
COMPACT_
CSWITCH
SYSTEM_
SCHEDULER_
KW_
CONTEXT_
SWITCH
SYSTEM_
SCHEDULER_
KW_
DISPATCHER
SYSTEM_
SCHEDULER_
KW_
IDEAL_
PROCESSOR
SYSTEM_
SCHEDULER_
KW_
KERNEL_
QUEUE
SYSTEM_
SCHEDULER_
KW_
LOAD_
BALANCER
SYSTEM_
SCHEDULER_
KW_
PRIORITY
SYSTEM_
SCHEDULER_
KW_
SHOULD_
YIELD
SYSTEM_
SCHEDULER_
KW_
XSCHEDULER
SYSTEM_
SYSCALL_
KW_
GENERAL
SYSTEM_
TIMER_
KW_
CLOCK_
TIMER
SYSTEM_
TIMER_
KW_
GENERAL
Split
IoGuid
System
Alpc
Provider
Guid
System
Config
Provider
Guid
System
CpuProvider
Guid
System
Hypervisor
Provider
Guid
System
Interrupt
Provider
Guid
System
IoFilter
Provider
Guid
System
IoProvider
Guid
System
Lock
Provider
Guid
System
Memory
Provider
Guid
System
Object
Provider
Guid
System
Power
Provider
Guid
System
Process
Provider
Guid
System
Profile
Provider
Guid
System
Registry
Provider
Guid
System
Scheduler
Provider
Guid
System
Syscall
Provider
Guid
System
Timer
Provider
Guid
System
Trace
Control
Guid
TDH_
CONTEXT_
MAXIMUM
TDH_
CONTEXT_
PDB_
PATH
TDH_
CONTEXT_
POINTERSIZE
TDH_
CONTEXT_
WPP_
GMT
TDH_
CONTEXT_
WPP_
TMFFILE
TDH_
CONTEXT_
WPP_
TMFSEARCHPATH
TDH_
INTYPE_
ANSICHAR
TDH_
INTYPE_
ANSISTRING
TDH_
INTYPE_
BINARY
TDH_
INTYPE_
BOOLEAN
TDH_
INTYPE_
COUNTEDANSISTRING
TDH_
INTYPE_
COUNTEDSTRING
TDH_
INTYPE_
DOUBLE
TDH_
INTYPE_
FILETIME
TDH_
INTYPE_
FLOAT
TDH_
INTYPE_
GUID
TDH_
INTYPE_
HEXDUMP
TDH_
INTYPE_
HEXIN
T32
TDH_
INTYPE_
HEXIN
T64
TDH_
INTYPE_
INT8
TDH_
INTYPE_
INT16
TDH_
INTYPE_
INT32
TDH_
INTYPE_
INT64
TDH_
INTYPE_
MANIFEST_
COUNTEDANSISTRING
TDH_
INTYPE_
MANIFEST_
COUNTEDBINARY
TDH_
INTYPE_
MANIFEST_
COUNTEDSTRING
TDH_
INTYPE_
NONNULLTERMINATEDANSISTRING
TDH_
INTYPE_
NONNULLTERMINATEDSTRING
TDH_
INTYPE_
NULL
TDH_
INTYPE_
POINTER
TDH_
INTYPE_
RESERVE
D24
TDH_
INTYPE_
REVERSEDCOUNTEDANSISTRING
TDH_
INTYPE_
REVERSEDCOUNTEDSTRING
TDH_
INTYPE_
SID
TDH_
INTYPE_
SIZET
TDH_
INTYPE_
SYSTEMTIME
TDH_
INTYPE_
UINT8
TDH_
INTYPE_
UINT16
TDH_
INTYPE_
UINT32
TDH_
INTYPE_
UINT64
TDH_
INTYPE_
UNICODECHAR
TDH_
INTYPE_
UNICODESTRING
TDH_
INTYPE_
WBEMSID
TDH_
OUTTYPE_
BOOLEAN
TDH_
OUTTYPE_
BYTE
TDH_
OUTTYPE_
CIMDATETIME
TDH_
OUTTYPE_
CODE_
POINTER
TDH_
OUTTYPE_
CULTURE_
INSENSITIVE_
DATETIME
TDH_
OUTTYPE_
DATETIME
TDH_
OUTTYPE_
DATETIME_
UTC
TDH_
OUTTYPE_
DOUBLE
TDH_
OUTTYPE_
ERRORCODE
TDH_
OUTTYPE_
ETWTIME
TDH_
OUTTYPE_
FLOAT
TDH_
OUTTYPE_
GUID
TDH_
OUTTYPE_
HEXBINARY
TDH_
OUTTYPE_
HEXIN
T8
TDH_
OUTTYPE_
HEXIN
T16
TDH_
OUTTYPE_
HEXIN
T32
TDH_
OUTTYPE_
HEXIN
T64
TDH_
OUTTYPE_
HRESULT
TDH_
OUTTYPE_
INT
TDH_
OUTTYPE_
IPV4
TDH_
OUTTYPE_
IPV6
TDH_
OUTTYPE_
JSON
TDH_
OUTTYPE_
LONG
TDH_
OUTTYPE_
NOPRINT
TDH_
OUTTYPE_
NTSTATUS
TDH_
OUTTYPE_
NULL
TDH_
OUTTYPE_
PID
TDH_
OUTTYPE_
PKCS7_
WITH_
TYPE_
INFO
TDH_
OUTTYPE_
PORT
TDH_
OUTTYPE_
REDUCEDSTRING
TDH_
OUTTYPE_
SHORT
TDH_
OUTTYPE_
SOCKETADDRESS
TDH_
OUTTYPE_
STRING
TDH_
OUTTYPE_
TID
TDH_
OUTTYPE_
UNSIGNEDBYTE
TDH_
OUTTYPE_
UNSIGNEDINT
TDH_
OUTTYPE_
UNSIGNEDLONG
TDH_
OUTTYPE_
UNSIGNEDSHORT
TDH_
OUTTYPE_
UTF8
TDH_
OUTTYPE_
WIN32ERROR
TDH_
OUTTYPE_
XML
TEMPLATE_
CONTROL_
GUID
TEMPLATE_
EVENT_
DATA
TEMPLATE_
USER_
DATA
TRACELOG_
ACCESS_
KERNEL_
LOGGER
TRACELOG_
ACCESS_
REALTIME
TRACELOG_
CREATE_
INPROC
TRACELOG_
CREATE_
ONDISK
TRACELOG_
CREATE_
REALTIME
TRACELOG_
GUID_
ENABLE
TRACELOG_
JOIN_
GROUP
TRACELOG_
LOG_
EVENT
TRACELOG_
REGISTER_
GUIDS
TRACE_
HEADER_
FLAG_
LOG_
WNODE
TRACE_
HEADER_
FLAG_
TRACED_
GUID
TRACE_
HEADER_
FLAG_
USE_
GUID_
PTR
TRACE_
HEADER_
FLAG_
USE_
MOF_
PTR
TRACE_
HEADER_
FLAG_
USE_
TIMESTAMP
TRACE_
LEVEL_
CRITICAL
TRACE_
LEVEL_
ERROR
TRACE_
LEVEL_
FATAL
TRACE_
LEVEL_
INFORMATION
TRACE_
LEVEL_
NONE
TRACE_
LEVEL_
RESERVE
D6
TRACE_
LEVEL_
RESERVE
D7
TRACE_
LEVEL_
RESERVE
D8
TRACE_
LEVEL_
RESERVE
D9
TRACE_
LEVEL_
VERBOSE
TRACE_
LEVEL_
WARNING
TRACE_
MESSAGE_
COMPONENTID
TRACE_
MESSAGE_
FLAG_
MASK
TRACE_
MESSAGE_
GUID
TRACE_
MESSAGE_
PERFORMANCE_
TIMESTAMP
TRACE_
MESSAGE_
POINTE
R32
TRACE_
MESSAGE_
POINTE
R64
TRACE_
MESSAGE_
SEQUENCE
TRACE_
MESSAGE_
SYSTEMINFO
TRACE_
MESSAGE_
TIMESTAMP
TRACE_
PROVIDER_
FLAG_
LEGACY
TRACE_
PROVIDER_
FLAG_
PRE_
ENABLE
TcpIp
Guid
Thread
Guid
Trace
Disallow
List
Query
Trace
Group
Query
Info
Trace
Group
Query
List
Trace
Guid
Query
Info
Trace
Guid
Query
List
Trace
Guid
Query
Process
Trace
Info
Reserved15
Trace
LbrConfiguration
Info
Trace
LbrEvent
List
Info
Trace
MaxLoggers
Query
Trace
MaxPmc
Counter
Query
Trace
Periodic
Capture
State
Info
Trace
Periodic
Capture
State
List
Info
Trace
PmcCounter
List
Info
Trace
PmcCounter
Owners
Trace
PmcEvent
List
Info
Trace
PmcSession
Information
Trace
Profile
Source
Config
Info
Trace
Profile
Source
List
Info
Trace
Provider
Binary
Tracking
Trace
Sampled
Profile
Interval
Info
Trace
SetDisallow
List
Trace
Stack
Caching
Info
Trace
Stack
Tracing
Info
Trace
Stream
Count
Trace
System
Trace
Enable
Flags
Info
Trace
Unified
Stack
Caching
Info
Trace
Version
Info
UdpIp
Guid
WMIGUID_
EXECUTE
WMIGUID_
NOTIFICATION
WMIGUID_
QUERY
WMIGUID_
READ_
DESCRIPTION
WMIGUID_
SET
WMIREG_
FLAG_
EVENT_
ONLY_
GUID
WMIREG_
FLAG_
EXPENSIVE
WMIREG_
FLAG_
INSTANCE_
BASENAME
WMIREG_
FLAG_
INSTANCE_
LIST
WMIREG_
FLAG_
INSTANCE_
PDO
WMIREG_
FLAG_
REMOVE_
GUID
WMIREG_
FLAG_
RESERVE
D1
WMIREG_
FLAG_
RESERVE
D2
WMIREG_
FLAG_
TRACED_
GUID
WMIREG_
FLAG_
TRACE_
CONTROL_
GUID
WMI_
CAPTURE_
STATE
WMI_
DISABLE_
COLLECTION
WMI_
DISABLE_
EVENTS
WMI_
ENABLE_
COLLECTION
WMI_
ENABLE_
EVENTS
WMI_
EXECUTE_
METHOD
WMI_
GET_
ALL_
DATA
WMI_
GET_
SINGLE_
INSTANCE
WMI_
GLOBAL_
LOGGER_
ID
WMI_
GUIDTYPE_
DATA
WMI_
GUIDTYPE_
EVENT
WMI_
GUIDTYPE_
TRACE
WMI_
GUIDTYPE_
TRACECONTROL
WMI_
REGINFO
WMI_
SET_
SINGLE_
INSTANCE
WMI_
SET_
SINGLE_
ITEM
WNODE_
FLAG_
ALL_
DATA
WNODE_
FLAG_
ANSI_
INSTANCENAMES
WNODE_
FLAG_
EVENT_
ITEM
WNODE_
FLAG_
EVENT_
REFERENCE
WNODE_
FLAG_
FIXED_
INSTANCE_
SIZE
WNODE_
FLAG_
INSTANCES_
SAME
WNODE_
FLAG_
INTERNAL
WNODE_
FLAG_
LOG_
WNODE
WNODE_
FLAG_
METHOD_
ITEM
WNODE_
FLAG_
NO_
HEADER
WNODE_
FLAG_
PDO_
INSTANCE_
NAMES
WNODE_
FLAG_
PERSIST_
EVENT
WNODE_
FLAG_
SEND_
DATA_
BLOCK
WNODE_
FLAG_
SEVERITY_
MASK
WNODE_
FLAG_
SINGLE_
INSTANCE
WNODE_
FLAG_
SINGLE_
ITEM
WNODE_
FLAG_
STATIC_
INSTANCE_
NAMES
WNODE_
FLAG_
TOO_
SMALL
WNODE_
FLAG_
TRACED_
GUID
WNODE_
FLAG_
USE_
GUID_
PTR
WNODE_
FLAG_
USE_
MOF_
PTR
WNODE_
FLAG_
USE_
TIMESTAMP
WNODE_
FLAG_
VERSIONED_
PROPERTIES
Traits
§
ITrace
Event
Callback_
Impl
ITrace
Event_
Impl
ITrace
Relogger_
Impl
Functions
§
Close
Trace
⚠
Control
TraceA
⚠
Control
TraceW
⚠
Create
Trace
Instance
Id
⚠
CveEvent
Write
⚠
Enable
Trace
⚠
Enable
Trace
Ex
⚠
Enable
Trace
Ex2
⚠
Enumerate
Trace
Guids
⚠
Enumerate
Trace
Guids
Ex
⚠
Event
Access
Control
⚠
Event
Access
Query
⚠
Event
Access
Remove
⚠
Event
Activity
IdControl
⚠
Event
Enabled
⚠
Event
Provider
Enabled
⚠
Event
Register
⚠
Event
SetInformation
⚠
Event
Unregister
⚠
Event
Write
⚠
Event
Write
Ex
⚠
Event
Write
String
⚠
Event
Write
Transfer
⚠
Flush
TraceA
⚠
Flush
TraceW
⚠
GetTrace
Enable
Flags
⚠
GetTrace
Enable
Level
⚠
GetTrace
Logger
Handle
⚠
Open
TraceA
⚠
Open
Trace
From
Buffer
Stream
⚠
Open
Trace
From
File
⚠
Open
Trace
From
Real
Time
Logger
⚠
Open
Trace
From
Real
Time
Logger
With
Allocation
Options
⚠
Open
TraceW
⚠
Process
Trace
⚠
Process
Trace
AddBuffer
ToBuffer
Stream
⚠
Process
Trace
Buffer
Decrement
Reference
⚠
Process
Trace
Buffer
Increment
Reference
⚠
Query
AllTracesA
⚠
Query
AllTracesW
⚠
Query
TraceA
⚠
Query
Trace
Processing
Handle
⚠
Query
TraceW
⚠
Register
Trace
GuidsA
⚠
Register
Trace
GuidsW
⚠
Remove
Trace
Callback
⚠
SetTrace
Callback
⚠
Start
TraceA
⚠
Start
TraceW
⚠
Stop
TraceA
⚠
Stop
TraceW
⚠
TdhAggregate
Payload
Filters
⚠
TdhCleanup
Payload
Event
Filter
Descriptor
⚠
TdhClose
Decoding
Handle
⚠
TdhCreate
Payload
Filter
⚠
TdhDelete
Payload
Filter
⚠
TdhEnumerate
Manifest
Provider
Events
⚠
TdhEnumerate
Provider
Field
Information
⚠
TdhEnumerate
Provider
Filters
⚠
TdhEnumerate
Providers
⚠
TdhEnumerate
Providers
ForDecoding
Source
⚠
TdhFormat
Property
⚠
TdhGet
Decoding
Parameter
⚠
TdhGet
Event
Information
⚠
TdhGet
Event
MapInformation
⚠
TdhGet
Manifest
Event
Information
⚠
TdhGet
Property
⚠
TdhGet
Property
Size
⚠
TdhGet
WppMessage
⚠
TdhGet
WppProperty
⚠
TdhLoad
Manifest
⚠
TdhLoad
Manifest
From
Binary
⚠
TdhLoad
Manifest
From
Memory
⚠
TdhOpen
Decoding
Handle
⚠
TdhQuery
Provider
Field
Information
⚠
TdhSet
Decoding
Parameter
⚠
TdhUnload
Manifest
⚠
TdhUnload
Manifest
From
Memory
⚠
Trace
Event
⚠
Trace
Event
Instance
⚠
Trace
Message
⚠
Trace
Message
Va
⚠
Trace
Query
Information
⚠
Trace
SetInformation
⚠
Unregister
Trace
Guids
⚠
Update
TraceA
⚠
Update
TraceW
⚠
Type Aliases
§
PENABLECALLBACK
PETW_
BUFFER_
CALLBACK
PETW_
BUFFER_
COMPLETION_
CALLBACK
PEVENT_
CALLBACK
PEVENT_
RECORD_
CALLBACK
PEVENT_
TRACE_
BUFFER_
CALLBACKA
PEVENT_
TRACE_
BUFFER_
CALLBACKW
WMIDPREQUEST
Unions
§
ETW_
BUFFER_
CONTEXT_
0
EVENT_
DATA_
DESCRIPTOR_
0
EVENT_
HEADER_
0
EVENT_
INSTANCE_
HEADER_
0
EVENT_
INSTANCE_
HEADER_
1
EVENT_
INSTANCE_
HEADER_
2
EVENT_
MAP_
ENTRY_
0
EVENT_
MAP_
INFO_
0
EVENT_
PROPERTY_
INFO_
0
EVENT_
PROPERTY_
INFO_
1
EVENT_
PROPERTY_
INFO_
2
EVENT_
PROPERTY_
INFO_
3
EVENT_
TRACE_
0
EVENT_
TRACE_
HEADER_
0
EVENT_
TRACE_
HEADER_
1
EVENT_
TRACE_
HEADER_
2
EVENT_
TRACE_
HEADER_
3
EVENT_
TRACE_
LOGFILEA_
0
EVENT_
TRACE_
LOGFILEA_
1
EVENT_
TRACE_
LOGFILEW_
0
EVENT_
TRACE_
LOGFILEW_
1
EVENT_
TRACE_
PROPERTIES_
0
EVENT_
TRACE_
PROPERTIES_
V2_
0
EVENT_
TRACE_
PROPERTIES_
V2_
1
EVENT_
TRACE_
PROPERTIES_
V2_
2
TRACE_
EVENT_
INFO_
0
TRACE_
EVENT_
INFO_
1
TRACE_
EVENT_
INFO_
2
TRACE_
LOGFILE_
HEADE
R32_
0
TRACE_
LOGFILE_
HEADE
R32_
1
TRACE_
LOGFILE_
HEADE
R64_
0
TRACE_
LOGFILE_
HEADE
R64_
1
TRACE_
LOGFILE_
HEADER_
0
TRACE_
LOGFILE_
HEADER_
1
WMIREGGUIDW_
0
WNODE_
ALL_
DATA_
0
WNODE_
EVENT_
REFERENCE_
0
WNODE_
HEADER_
0
WNODE_
HEADER_
1